Skip navigation.
Home

Exploits

A new member of the Offensive Computing team - Dante Allegro

| | | | | | | |

Hello everyone!

My name is Dante Allegro , and as the newest member of the team my job is to work with members of the commercial community who wish to purchase products and services from Offensive Computing.

If you or your company would like to utilize the Offensive Computing malware database in your commercial product, or if you have a specific job that you feel the Offensive Computing team can assist you with , please contact me and I will be quite happy to assist you.

As I am on the road quite a bit please contact me directly at dallegro ( at ) offensivecomputing.net.

Clickjacking

I suppose every one by now would have heard about this new exploit in web browsers and flash player. If not, please look into these:

http://www.darkreading.com/document.asp?doc_id=165431&WT.svl=news1_3

http://blog.guya.net/2008/10/07/malicious-camera-spying-using-clickjacking/

http://www.chinadaily.com.cn/world/2008-10/09/content_7091169.htm

http://ha.ckers.org/blog/20081007/clickjacking-details/

The information above can be pretty helpful. If any one has other important information about this like websites which are hosting this exploit (or are exposed to it), please share

Clickjacking sample

|

I suppose every one by now would have heard about this new exploit in web browsers and flash player. If not, please look into these:

http://www.darkreading.com/document.asp?doc_id=165431&WT.svl=news1_3

http://blog.guya.net/2008/10/07/malicious-camera-spying-using-clickjacking/

http://www.chinadaily.com.cn/world/2008-10/09/content_7091169.htm

http://ha.ckers.org/blog/20081007/clickjacking-details/

iPhone Users Vulnerable to URL Spoofing Attack

As I was reading my RSS feeds, I just noticed that Aviv Raff disclosed two vulnerabilities found in iPhone on Jewish new year (Oct 2). But, to my surprise the phishing vulnerability isn’t new really ... Further Read

Prevalence of Exploited PDFs

|

While the threat landscape has changed dramatically over the past years, attackers are becoming increasingly aggressive in exploring ways to get into users’ system.

A spammed email with an EXE attachment no longer penetrates the wider network or users, now that most home users and enterprise networks have a certain level of awareness on information security.

But, how about spamming an exploited file like a PDF?

The incidents of exploited PDF files are not isolated. Instead, there has been a consistent prevalence and recurrence of this threat. Further Reading

Multiple Exploit Pages

Discovered more websites using exploits in Adobe software to infect a users system. Some minor analysis and video of exploit in action.

MDAC Exploit Page (iexplorer.exe)
e427f1c2438259b5b4bb386aec822e30

Another Adobe Acrobat Exploit (accwizm.exe)-VIDEO
2bee943c7b8e63d17a92b99087ba15a7

PurityScan

| |

Hi, I'm wondering if there are any purityscan droppers available. Also looking to find out what the exploit is that is used to use invalid çharacters for the filenames.

Anyone with info please let me know.

Thanks in advance.

MS Word document embedded Malware

I am looking for MS Word document embedded executable malware that launches itself when MS Word is opened. Any new or old malware version is appreciated.

New Wave of Surveillance Software - VM Takeover

I have encountered a surveillance program on my network computers. Once infected, the computers have been found to be operating inside a VM, with very limited ability to see the outside machine. There are clues which indicate the existence of the outer Machine.

I have gotten by much of the restrictions of being stuck in a VM. I am looking for the escape route. This is a targeted attack, affecting myself and all of my computers. Additionally, the program goes after anyone who directly assists me. Please do not dismiss this as paranoia, it is not.

heidu

hei kom her

Syndicate content